CVE-2024-53119: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-53119 affects the Linux kernel's virtio/vsock component, specifically related to a memory leak vulnerability in the accept_queue functionality. The vulnerability was discovered and disclosed in December 2024, affecting Linux kernel versions from 5.10 up to versions before 6.1.119, 6.6.63, and 6.11.10 (NVD).

The vulnerability occurs in the virtio_transport_recv_listen() function where a race condition exists during socket destruction. When the final stages of socket destruction are delayed, the function may be called after the accept_queue has been flushed but before the SOCK_DONE flag is set. This timing issue allows sockets to be enqueued after the flush, resulting in unremoved sockets and consequently a memory leak. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability leads to a memory leak in the Linux kernel's virtio/vsock component, which could result in system resource depletion over time. The issue specifically affects the socket destruction process, potentially impacting system stability and performance (Kernel Patch).

The vulnerability has been fixed in Linux kernel versions 6.1.119, 6.6.63, and 6.11.10. The fix introduces a sk_shutdown check to disallow vsock_enqueue_accept() during socket destruction, preventing the memory leak condition. Users are advised to upgrade to these or later versions (Debian Security).